From 7c39f9b4f1a0e54340941e3e14ce21deaf0f2f66 Mon Sep 17 00:00:00 2001 From: Tsz-wo Sze Date: Mon, 16 Jan 2012 04:43:50 +0000 Subject: [PATCH] svn merge -c 1227887 from trunk for HDFS-2697. git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/branches/branch-0.23-PB@1231836 13f79535-47bb-0310-9956-ffa450edef68 --- hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt | 3 + ...appingsProtocolClientSideTranslatorPB.java | 89 +++++++++++++++ .../protocolPB/GetUserMappingsProtocolPB.java | 45 ++++++++ ...appingsProtocolServerSideTranslatorPB.java | 96 ++++++++++++++++ ...nPolicyProtocolClientSideTranslatorPB.java | 86 ++++++++++++++ .../RefreshAuthorizationPolicyProtocolPB.java | 49 ++++++++ ...nPolicyProtocolServerSideTranslatorPB.java | 90 +++++++++++++++ ...appingsProtocolClientSideTranslatorPB.java | 98 ++++++++++++++++ .../RefreshUserMappingsProtocolPB.java | 49 ++++++++ ...appingsProtocolServerSideTranslatorPB.java | 105 ++++++++++++++++++ .../server/namenode/NameNodeRpcServer.java | 53 ++++++--- .../apache/hadoop/hdfs/tools/DFSAdmin.java | 34 ++---- .../apache/hadoop/hdfs/tools/GetGroups.java | 10 ++ .../main/proto/GetUserMappingsProtocol.proto | 49 ++++++++ .../RefreshAuthorizationPolicyProtocol.proto | 45 ++++++++ .../proto/RefreshUserMappingsProtocol.proto | 63 +++++++++++ 16 files changed, 926 insertions(+), 38 deletions(-) create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolClientSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolServerSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolClientSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolServerSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolClientSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolServerSideTranslatorPB.java create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/proto/GetUserMappingsProtocol.proto create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshAuthorizationPolicyProtocol.proto create mode 100644 hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshUserMappingsProtocol.proto diff --git a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt index a310c62c875..508ce7ea6e5 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt +++ b/hadoop-hdfs-project/hadoop-hdfs/CHANGES.txt @@ -38,6 +38,9 @@ Release 0.23-PB - Unreleased HDFS-2661. Enable protobuf RPC for DatanodeProtocol. (jitendra) + HDFS-2697. Move RefreshAuthPolicy, RefreshUserMappings, GetUserMappings + protocol to protocol buffers. (jitendra) + IMPROVEMENTS HDFS-2018. Move all journal stream management code into one place. diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolClientSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolClientSideTranslatorPB.java new file mode 100644 index 00000000000..d34d2ffeb8d --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolClientSideTranslatorPB.java @@ -0,0 +1,89 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.Closeable; +import java.io.IOException; +import java.net.InetSocketAddress; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetGroupsForUserRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetGroupsForUserResponseProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.hdfs.server.namenode.NameNode; +import org.apache.hadoop.ipc.ProtobufHelper; +import org.apache.hadoop.ipc.ProtobufRpcEngine; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.net.NetUtils; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.tools.GetUserMappingsProtocol; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class GetUserMappingsProtocolClientSideTranslatorPB implements + GetUserMappingsProtocol, Closeable { + + /** RpcController is not used and hence is set to null */ + private final static RpcController NULL_CONTROLLER = null; + private final GetUserMappingsProtocolPB rpcProxy; + + public GetUserMappingsProtocolClientSideTranslatorPB( + InetSocketAddress nameNodeAddr, UserGroupInformation ugi, + Configuration conf) throws IOException { + RPC.setProtocolEngine(conf, GetUserMappingsProtocolPB.class, + ProtobufRpcEngine.class); + rpcProxy = RPC.getProxy(GetUserMappingsProtocolPB.class, + RPC.getProtocolVersion(GetUserMappingsProtocolPB.class), + NameNode.getAddress(conf), ugi, conf, + NetUtils.getSocketFactory(conf, GetUserMappingsProtocol.class)); + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return rpcProxy.getProtocolVersion(protocol, clientVersion); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + return ProtocolSignatureWritable.convert(rpcProxy.getProtocolSignature2( + protocol, clientVersion, clientMethodsHash)); + } + + @Override + public void close() throws IOException { + RPC.stopProxy(rpcProxy); + } + + @Override + public String[] getGroupsForUser(String user) throws IOException { + GetGroupsForUserRequestProto request = GetGroupsForUserRequestProto + .newBuilder().setUser(user).build(); + GetGroupsForUserResponseProto resp; + try { + resp = rpcProxy.getGroupsForUser(NULL_CONTROLLER, request); + } catch (ServiceException se) { + throw ProtobufHelper.getRemoteException(se); + } + return resp.getGroupsList().toArray(new String[resp.getGroupsCount()]); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolPB.java new file mode 100644 index 00000000000..54eeb0a6494 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolPB.java @@ -0,0 +1,45 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetUserMappingsProtocolService; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolInfo; +import org.apache.hadoop.ipc.VersionedProtocol; + +@ProtocolInfo( + protocolName = "org.apache.hadoop.tools.GetUserMappingsProtocol", + protocolVersion = 1) +@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) +@InterfaceStability.Evolving +public interface GetUserMappingsProtocolPB extends + GetUserMappingsProtocolService.BlockingInterface, VersionedProtocol { + + /** + * This method is defined to get the protocol signature using + * the R23 protocol - hence we have added the suffix of 2 the method name + * to avoid conflict. + */ + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException; +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolServerSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolServerSideTranslatorPB.java new file mode 100644 index 00000000000..4dc771dc61b --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/GetUserMappingsProtocolServerSideTranslatorPB.java @@ -0,0 +1,96 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetGroupsForUserRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetGroupsForUserResponseProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.tools.GetUserMappingsProtocol; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class GetUserMappingsProtocolServerSideTranslatorPB implements + GetUserMappingsProtocolPB { + + private final GetUserMappingsProtocol impl; + + public GetUserMappingsProtocolServerSideTranslatorPB( + GetUserMappingsProtocol impl) { + this.impl = impl; + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return RPC.getProtocolVersion(GetUserMappingsProtocolPB.class); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link GetUserMappingsProtocol} + */ + if (!protocol.equals(RPC + .getProtocolName(GetUserMappingsProtocolPB.class))) { + throw new IOException("Namenode Serverside implements " + + RPC.getProtocolName(GetUserMappingsProtocolPB.class) + + ". The following requested protocol is unknown: " + protocol); + } + + return ProtocolSignature.getProtocolSignature(clientMethodsHash, + RPC.getProtocolVersion(GetUserMappingsProtocolPB.class), + GetUserMappingsProtocolPB.class); + } + + @Override + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link GetUserMappingsProtocolPB} + */ + return ProtocolSignatureWritable.convert(this.getProtocolSignature( + protocol, clientVersion, clientMethodsHash)); + } + + @Override + public GetGroupsForUserResponseProto getGroupsForUser( + RpcController controller, GetGroupsForUserRequestProto request) + throws ServiceException { + String[] groups; + try { + groups = impl.getGroupsForUser(request.getUser()); + } catch (IOException e) { + throw new ServiceException(e); + } + GetGroupsForUserResponseProto.Builder builder = GetGroupsForUserResponseProto + .newBuilder(); + for (String g : groups) { + builder.addGroups(g); + } + return builder.build(); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolClientSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolClientSideTranslatorPB.java new file mode 100644 index 00000000000..400d62eba1f --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolClientSideTranslatorPB.java @@ -0,0 +1,86 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.Closeable; +import java.io.IOException; +import java.net.InetSocketAddress; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hdfs.protocol.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclRequestProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.hdfs.server.namenode.NameNode; +import org.apache.hadoop.ipc.ProtobufHelper; +import org.apache.hadoop.ipc.ProtobufRpcEngine; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.net.NetUtils; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class RefreshAuthorizationPolicyProtocolClientSideTranslatorPB implements + RefreshAuthorizationPolicyProtocol, Closeable { + + /** RpcController is not used and hence is set to null */ + private final static RpcController NULL_CONTROLLER = null; + private final RefreshAuthorizationPolicyProtocolPB rpcProxy; + + public RefreshAuthorizationPolicyProtocolClientSideTranslatorPB( + InetSocketAddress nameNodeAddr, UserGroupInformation ugi, + Configuration conf) throws IOException { + RPC.setProtocolEngine(conf, RefreshAuthorizationPolicyProtocolPB.class, + ProtobufRpcEngine.class); + rpcProxy = RPC.getProxy(RefreshAuthorizationPolicyProtocolPB.class, + RPC.getProtocolVersion(RefreshAuthorizationPolicyProtocolPB.class), + NameNode.getAddress(conf), ugi, conf, + NetUtils.getSocketFactory(conf, RefreshAuthorizationPolicyProtocol.class)); + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return rpcProxy.getProtocolVersion(protocol, clientVersion); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + return ProtocolSignatureWritable.convert(rpcProxy.getProtocolSignature2( + protocol, clientVersion, clientMethodsHash)); + } + + @Override + public void close() throws IOException { + RPC.stopProxy(rpcProxy); + } + + @Override + public void refreshServiceAcl() throws IOException { + RefreshServiceAclRequestProto request = RefreshServiceAclRequestProto + .newBuilder().build(); + try { + rpcProxy.refreshServiceAcl(NULL_CONTROLLER, request); + } catch (ServiceException se) { + throw ProtobufHelper.getRemoteException(se); + } + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolPB.java new file mode 100644 index 00000000000..842926c9324 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolPB.java @@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.fs.CommonConfigurationKeys; +import org.apache.hadoop.hdfs.protocol.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshAuthorizationPolicyProtocolService; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolInfo; +import org.apache.hadoop.ipc.VersionedProtocol; +import org.apache.hadoop.security.KerberosInfo; + +@KerberosInfo( + serverPrincipal=CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY) +@ProtocolInfo( + protocolName = "org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol", + protocolVersion = 1) +@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) +@InterfaceStability.Evolving +public interface RefreshAuthorizationPolicyProtocolPB extends + RefreshAuthorizationPolicyProtocolService.BlockingInterface, VersionedProtocol { + + /** + * This method is defined to get the protocol signature using + * the R23 protocol - hence we have added the suffix of 2 the method name + * to avoid conflict. + */ + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException; +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolServerSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolServerSideTranslatorPB.java new file mode 100644 index 00000000000..3ae8c7165dd --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshAuthorizationPolicyProtocolServerSideTranslatorPB.java @@ -0,0 +1,90 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.hdfs.protocol.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshServiceAclResponseProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class RefreshAuthorizationPolicyProtocolServerSideTranslatorPB implements + RefreshAuthorizationPolicyProtocolPB { + + private final RefreshAuthorizationPolicyProtocol impl; + + public RefreshAuthorizationPolicyProtocolServerSideTranslatorPB( + RefreshAuthorizationPolicyProtocol impl) { + this.impl = impl; + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return RPC.getProtocolVersion(RefreshAuthorizationPolicyProtocolPB.class); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link RefreshAuthorizationPolicyProtocol} + */ + if (!protocol.equals(RPC + .getProtocolName(RefreshAuthorizationPolicyProtocolPB.class))) { + throw new IOException("Namenode Serverside implements " + + RPC.getProtocolName(RefreshAuthorizationPolicyProtocolPB.class) + + ". The following requested protocol is unknown: " + protocol); + } + + return ProtocolSignature.getProtocolSignature(clientMethodsHash, + RPC.getProtocolVersion(RefreshAuthorizationPolicyProtocolPB.class), + RefreshAuthorizationPolicyProtocolPB.class); + } + + @Override + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link RefreshAuthorizationPolicyProtocolPB} + */ + return ProtocolSignatureWritable.convert(this.getProtocolSignature( + protocol, clientVersion, clientMethodsHash)); + } + + @Override + public RefreshServiceAclResponseProto refreshServiceAcl( + RpcController controller, RefreshServiceAclRequestProto request) + throws ServiceException { + try { + impl.refreshServiceAcl(); + } catch (IOException e) { + throw new ServiceException(e); + } + return RefreshServiceAclResponseProto.newBuilder().build(); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolClientSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolClientSideTranslatorPB.java new file mode 100644 index 00000000000..65d588326bc --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolClientSideTranslatorPB.java @@ -0,0 +1,98 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.Closeable; +import java.io.IOException; +import java.net.InetSocketAddress; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshSuperUserGroupsConfigurationRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshUserToGroupsMappingsRequestProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.hdfs.server.namenode.NameNode; +import org.apache.hadoop.ipc.ProtobufHelper; +import org.apache.hadoop.ipc.ProtobufRpcEngine; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.net.NetUtils; +import org.apache.hadoop.security.RefreshUserMappingsProtocol; +import org.apache.hadoop.security.UserGroupInformation; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class RefreshUserMappingsProtocolClientSideTranslatorPB implements + RefreshUserMappingsProtocol, Closeable { + + /** RpcController is not used and hence is set to null */ + private final static RpcController NULL_CONTROLLER = null; + private final RefreshUserMappingsProtocolPB rpcProxy; + + public RefreshUserMappingsProtocolClientSideTranslatorPB( + InetSocketAddress nameNodeAddr, UserGroupInformation ugi, + Configuration conf) throws IOException { + RPC.setProtocolEngine(conf, RefreshUserMappingsProtocolPB.class, + ProtobufRpcEngine.class); + rpcProxy = RPC.getProxy(RefreshUserMappingsProtocolPB.class, + RPC.getProtocolVersion(RefreshUserMappingsProtocolPB.class), + NameNode.getAddress(conf), ugi, conf, + NetUtils.getSocketFactory(conf, RefreshUserMappingsProtocol.class)); + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return rpcProxy.getProtocolVersion(protocol, clientVersion); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + return ProtocolSignatureWritable.convert(rpcProxy.getProtocolSignature2( + protocol, clientVersion, clientMethodsHash)); + } + + @Override + public void close() throws IOException { + RPC.stopProxy(rpcProxy); + } + + @Override + public void refreshUserToGroupsMappings() throws IOException { + RefreshUserToGroupsMappingsRequestProto request = + RefreshUserToGroupsMappingsRequestProto.newBuilder().build(); + try { + rpcProxy.refreshUserToGroupsMappings(NULL_CONTROLLER, request); + } catch (ServiceException se) { + throw ProtobufHelper.getRemoteException(se); + } + } + + @Override + public void refreshSuperUserGroupsConfiguration() throws IOException { + RefreshSuperUserGroupsConfigurationRequestProto request = + RefreshSuperUserGroupsConfigurationRequestProto.newBuilder().build(); + try { + rpcProxy.refreshSuperUserGroupsConfiguration(NULL_CONTROLLER, request); + } catch (ServiceException se) { + throw ProtobufHelper.getRemoteException(se); + } + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolPB.java new file mode 100644 index 00000000000..16a77ff6862 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolPB.java @@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.classification.InterfaceAudience; +import org.apache.hadoop.classification.InterfaceStability; +import org.apache.hadoop.fs.CommonConfigurationKeys; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshUserMappingsProtocolService; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolInfo; +import org.apache.hadoop.ipc.VersionedProtocol; +import org.apache.hadoop.security.KerberosInfo; + +@KerberosInfo( + serverPrincipal=CommonConfigurationKeys.HADOOP_SECURITY_SERVICE_USER_NAME_KEY) +@ProtocolInfo( + protocolName = "org.apache.hadoop.security.RefreshUserMappingsProtocol", + protocolVersion = 1) +@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"}) +@InterfaceStability.Evolving +public interface RefreshUserMappingsProtocolPB extends + RefreshUserMappingsProtocolService.BlockingInterface, VersionedProtocol { + + /** + * This method is defined to get the protocol signature using + * the R23 protocol - hence we have added the suffix of 2 the method name + * to avoid conflict. + */ + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException; +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolServerSideTranslatorPB.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolServerSideTranslatorPB.java new file mode 100644 index 00000000000..005c654f2ee --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/protocolPB/RefreshUserMappingsProtocolServerSideTranslatorPB.java @@ -0,0 +1,105 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.hadoop.hdfs.protocolPB; + +import java.io.IOException; + +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshSuperUserGroupsConfigurationRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshSuperUserGroupsConfigurationResponseProto; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshUserToGroupsMappingsRequestProto; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshUserToGroupsMappingsResponseProto; +import org.apache.hadoop.hdfs.protocolR23Compatible.ProtocolSignatureWritable; +import org.apache.hadoop.ipc.ProtocolSignature; +import org.apache.hadoop.ipc.RPC; +import org.apache.hadoop.security.RefreshUserMappingsProtocol; + +import com.google.protobuf.RpcController; +import com.google.protobuf.ServiceException; + +public class RefreshUserMappingsProtocolServerSideTranslatorPB implements RefreshUserMappingsProtocolPB { + + private final RefreshUserMappingsProtocol impl; + + public RefreshUserMappingsProtocolServerSideTranslatorPB(RefreshUserMappingsProtocol impl) { + this.impl = impl; + } + + @Override + public RefreshUserToGroupsMappingsResponseProto + refreshUserToGroupsMappings(RpcController controller, + RefreshUserToGroupsMappingsRequestProto request) + throws ServiceException { + try { + impl.refreshUserToGroupsMappings(); + } catch (IOException e) { + throw new ServiceException(e); + } + return RefreshUserToGroupsMappingsResponseProto.newBuilder().build(); + } + + @Override + public RefreshSuperUserGroupsConfigurationResponseProto + refreshSuperUserGroupsConfiguration(RpcController controller, + RefreshSuperUserGroupsConfigurationRequestProto request) + throws ServiceException { + try { + impl.refreshSuperUserGroupsConfiguration(); + } catch (IOException e) { + throw new ServiceException(e); + } + return RefreshSuperUserGroupsConfigurationResponseProto.newBuilder() + .build(); + } + + @Override + public long getProtocolVersion(String protocol, long clientVersion) + throws IOException { + return RPC.getProtocolVersion(RefreshUserMappingsProtocolPB.class); + } + + @Override + public ProtocolSignature getProtocolSignature(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link RefreshUserMappingsProtocol} + */ + if (!protocol.equals(RPC + .getProtocolName(RefreshUserMappingsProtocolPB.class))) { + throw new IOException("Namenode Serverside implements " + + RPC.getProtocolName(RefreshUserMappingsProtocolPB.class) + + ". The following requested protocol is unknown: " + protocol); + } + + return ProtocolSignature.getProtocolSignature(clientMethodsHash, + RPC.getProtocolVersion(RefreshUserMappingsProtocolPB.class), + RefreshUserMappingsProtocolPB.class); + } + + @Override + public ProtocolSignatureWritable getProtocolSignature2(String protocol, + long clientVersion, int clientMethodsHash) throws IOException { + /** + * Don't forward this to the server. The protocol version and signature is + * that of {@link RefreshUserMappingsProtocolPB} + */ + return ProtocolSignatureWritable.convert(this.getProtocolSignature( + protocol, clientVersion, clientMethodsHash)); + } +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java index a0e7f51463f..aabd08ecb36 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/NameNodeRpcServer.java @@ -62,12 +62,21 @@ import org.apache.hadoop.hdfs.protocol.HdfsConstants.UpgradeAction; import org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos.ClientNamenodeProtocol; import org.apache.hadoop.hdfs.protocol.proto.NamenodeProtocolProtos.NamenodeProtocolService; import org.apache.hadoop.hdfs.protocol.proto.DatanodeProtocolProtos.DatanodeProtocolService; +import org.apache.hadoop.hdfs.protocol.proto.GetUserMappingsProtocolProtos.GetUserMappingsProtocolService; +import org.apache.hadoop.hdfs.protocol.proto.RefreshAuthorizationPolicyProtocolProtos.RefreshAuthorizationPolicyProtocolService; +import org.apache.hadoop.hdfs.protocol.proto.RefreshUserMappingsProtocolProtos.RefreshUserMappingsProtocolService; import org.apache.hadoop.hdfs.protocolPB.DatanodeProtocolPB; import org.apache.hadoop.hdfs.protocolPB.DatanodeProtocolServerSideTranslatorPB; +import org.apache.hadoop.hdfs.protocolPB.GetUserMappingsProtocolPB; +import org.apache.hadoop.hdfs.protocolPB.GetUserMappingsProtocolServerSideTranslatorPB; import org.apache.hadoop.hdfs.protocolPB.NamenodeProtocolPB; import org.apache.hadoop.hdfs.protocolPB.NamenodeProtocolServerSideTranslatorPB; import org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolPB; import org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB; +import org.apache.hadoop.hdfs.protocolPB.RefreshAuthorizationPolicyProtocolPB; +import org.apache.hadoop.hdfs.protocolPB.RefreshAuthorizationPolicyProtocolServerSideTranslatorPB; +import org.apache.hadoop.hdfs.protocolPB.RefreshUserMappingsProtocolPB; +import org.apache.hadoop.hdfs.protocolPB.RefreshUserMappingsProtocolServerSideTranslatorPB; import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys; import org.apache.hadoop.hdfs.security.token.delegation.DelegationTokenIdentifier; import org.apache.hadoop.hdfs.server.common.IncorrectVersionException; @@ -96,7 +105,6 @@ import org.apache.hadoop.ipc.ProtocolSignature; import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.ipc.Server; import org.apache.hadoop.ipc.WritableRpcEngine; -import org.apache.hadoop.ipc.RpcPayloadHeader.RpcKind; import org.apache.hadoop.net.Node; import org.apache.hadoop.security.AccessControlException; import org.apache.hadoop.security.Groups; @@ -162,7 +170,22 @@ class NameNodeRpcServer implements NamenodeProtocols { new NamenodeProtocolServerSideTranslatorPB(this); BlockingService NNPbService = NamenodeProtocolService .newReflectiveBlockingService(namenodeProtocolXlator); - + + RefreshAuthorizationPolicyProtocolServerSideTranslatorPB refreshAuthPolicyXlator = + new RefreshAuthorizationPolicyProtocolServerSideTranslatorPB(this); + BlockingService refreshAuthService = RefreshAuthorizationPolicyProtocolService + .newReflectiveBlockingService(refreshAuthPolicyXlator); + + RefreshUserMappingsProtocolServerSideTranslatorPB refreshUserMappingXlator = + new RefreshUserMappingsProtocolServerSideTranslatorPB(this); + BlockingService refreshUserMappingService = RefreshUserMappingsProtocolService + .newReflectiveBlockingService(refreshUserMappingXlator); + + GetUserMappingsProtocolServerSideTranslatorPB getUserMappingXlator = + new GetUserMappingsProtocolServerSideTranslatorPB(this); + BlockingService getUserMappingService = GetUserMappingsProtocolService + .newReflectiveBlockingService(getUserMappingXlator); + WritableRpcEngine.ensureInitialized(); InetSocketAddress dnSocketAddr = nn.getServiceRpcServerAddress(conf); @@ -177,17 +200,17 @@ class NameNodeRpcServer implements NamenodeProtocols { dnSocketAddr.getHostName(), dnSocketAddr.getPort(), serviceHandlerCount, false, conf, namesystem.getDelegationTokenSecretManager()); - this.serviceRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - RefreshAuthorizationPolicyProtocol.class, this); - this.serviceRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - RefreshUserMappingsProtocol.class, this); - this.serviceRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - GetUserMappingsProtocol.class, this); DFSUtil.addPBProtocol(conf, NamenodeProtocolPB.class, NNPbService, serviceRpcServer); DFSUtil.addPBProtocol(conf, DatanodeProtocolPB.class, dnProtoPbService, serviceRpcServer); - + DFSUtil.addPBProtocol(conf, RefreshAuthorizationPolicyProtocolPB.class, + refreshAuthService, serviceRpcServer); + DFSUtil.addPBProtocol(conf, RefreshUserMappingsProtocolPB.class, + refreshUserMappingService, serviceRpcServer); + DFSUtil.addPBProtocol(conf, GetUserMappingsProtocolPB.class, + getUserMappingService, serviceRpcServer); + this.serviceRPCAddress = this.serviceRpcServer.getListenerAddress(); nn.setRpcServiceServerAddress(conf, serviceRPCAddress); } else { @@ -200,16 +223,16 @@ class NameNodeRpcServer implements NamenodeProtocols { clientNNPbService, socAddr.getHostName(), socAddr.getPort(), handlerCount, false, conf, namesystem.getDelegationTokenSecretManager()); - this.clientRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - RefreshAuthorizationPolicyProtocol.class, this); - this.clientRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - RefreshUserMappingsProtocol.class, this); - this.clientRpcServer.addProtocol(RpcKind.RPC_WRITABLE, - GetUserMappingsProtocol.class, this); DFSUtil.addPBProtocol(conf, NamenodeProtocolPB.class, NNPbService, clientRpcServer); DFSUtil.addPBProtocol(conf, DatanodeProtocolPB.class, dnProtoPbService, clientRpcServer); + DFSUtil.addPBProtocol(conf, RefreshAuthorizationPolicyProtocolPB.class, + refreshAuthService, clientRpcServer); + DFSUtil.addPBProtocol(conf, RefreshUserMappingsProtocolPB.class, + refreshUserMappingService, clientRpcServer); + DFSUtil.addPBProtocol(conf, GetUserMappingsProtocolPB.class, + getUserMappingService, clientRpcServer); // set service-level authorization security policy if (serviceAuthEnabled = diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java index e6abe4fbd20..be88fe6483b 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/DFSAdmin.java @@ -43,14 +43,14 @@ import org.apache.hadoop.hdfs.protocol.DatanodeInfo; import org.apache.hadoop.hdfs.protocol.HdfsConstants; import org.apache.hadoop.hdfs.protocol.HdfsConstants.DatanodeReportType; import org.apache.hadoop.hdfs.protocol.HdfsConstants.UpgradeAction; +import org.apache.hadoop.hdfs.protocolPB.RefreshAuthorizationPolicyProtocolClientSideTranslatorPB; +import org.apache.hadoop.hdfs.protocolPB.RefreshUserMappingsProtocolClientSideTranslatorPB; import org.apache.hadoop.hdfs.server.common.UpgradeStatusReport; import org.apache.hadoop.hdfs.server.namenode.NameNode; import org.apache.hadoop.ipc.RPC; import org.apache.hadoop.ipc.RemoteException; import org.apache.hadoop.net.NetUtils; -import org.apache.hadoop.security.RefreshUserMappingsProtocol; import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.authorize.RefreshAuthorizationPolicyProtocol; import org.apache.hadoop.util.StringUtils; import org.apache.hadoop.util.ToolRunner; @@ -791,13 +791,9 @@ public class DFSAdmin extends FsShell { conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "")); // Create the client - RefreshAuthorizationPolicyProtocol refreshProtocol = - (RefreshAuthorizationPolicyProtocol) - RPC.getProxy(RefreshAuthorizationPolicyProtocol.class, - RefreshAuthorizationPolicyProtocol.versionID, - NameNode.getAddress(conf), getUGI(), conf, - NetUtils.getSocketFactory(conf, - RefreshAuthorizationPolicyProtocol.class)); + RefreshAuthorizationPolicyProtocolClientSideTranslatorPB refreshProtocol = + new RefreshAuthorizationPolicyProtocolClientSideTranslatorPB( + NameNode.getAddress(conf), getUGI(), conf); // Refresh the authorization policy in-effect refreshProtocol.refreshServiceAcl(); @@ -821,13 +817,9 @@ public class DFSAdmin extends FsShell { conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "")); // Create the client - RefreshUserMappingsProtocol refreshProtocol = - (RefreshUserMappingsProtocol) - RPC.getProxy(RefreshUserMappingsProtocol.class, - RefreshUserMappingsProtocol.versionID, - NameNode.getAddress(conf), getUGI(), conf, - NetUtils.getSocketFactory(conf, - RefreshUserMappingsProtocol.class)); + RefreshUserMappingsProtocolClientSideTranslatorPB refreshProtocol = + new RefreshUserMappingsProtocolClientSideTranslatorPB( + NameNode.getAddress(conf), getUGI(), conf); // Refresh the user-to-groups mappings refreshProtocol.refreshUserToGroupsMappings(); @@ -852,13 +844,9 @@ public class DFSAdmin extends FsShell { conf.get(DFSConfigKeys.DFS_NAMENODE_USER_NAME_KEY, "")); // Create the client - RefreshUserMappingsProtocol refreshProtocol = - (RefreshUserMappingsProtocol) - RPC.getProxy(RefreshUserMappingsProtocol.class, - RefreshUserMappingsProtocol.versionID, - NameNode.getAddress(conf), getUGI(), conf, - NetUtils.getSocketFactory(conf, - RefreshUserMappingsProtocol.class)); + RefreshUserMappingsProtocolClientSideTranslatorPB refreshProtocol = + new RefreshUserMappingsProtocolClientSideTranslatorPB( + NameNode.getAddress(conf), getUGI(), conf); // Refresh the user-to-groups mappings refreshProtocol.refreshSuperUserGroupsConfiguration(); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/GetGroups.java b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/GetGroups.java index 1f2b98fd4ac..5ad227d9e02 100644 --- a/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/GetGroups.java +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/tools/GetGroups.java @@ -23,8 +23,11 @@ import java.net.InetSocketAddress; import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.hdfs.HdfsConfiguration; +import org.apache.hadoop.hdfs.protocolPB.GetUserMappingsProtocolClientSideTranslatorPB; import org.apache.hadoop.hdfs.server.namenode.NameNode; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.tools.GetGroupsBase; +import org.apache.hadoop.tools.GetUserMappingsProtocol; import org.apache.hadoop.util.ToolRunner; /** @@ -51,6 +54,13 @@ public class GetGroups extends GetGroupsBase { throws IOException { return NameNode.getAddress(conf); } + + @Override + protected GetUserMappingsProtocol getUgmProtocol() throws IOException { + return new GetUserMappingsProtocolClientSideTranslatorPB( + NameNode.getAddress(getConf()), UserGroupInformation.getCurrentUser(), + getConf()); + } public static void main(String[] argv) throws Exception { int res = ToolRunner.run(new GetGroups(new HdfsConfiguration()), argv); diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/GetUserMappingsProtocol.proto b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/GetUserMappingsProtocol.proto new file mode 100644 index 00000000000..d3e2321f5a8 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/GetUserMappingsProtocol.proto @@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option java_package = "org.apache.hadoop.hdfs.protocol.proto"; +option java_outer_classname = "GetUserMappingsProtocolProtos"; +option java_generic_services = true; +option java_generate_equals_and_hash = true; + +/** + * Get groups for user request. + */ +message GetGroupsForUserRequestProto { + required string user = 1; +} + +/** + * Response for get groups. + */ +message GetGroupsForUserResponseProto { + repeated string groups = 1; +} + + +/** + * Protocol implemented by the Name Node and Job Tracker which maps users to + * groups. + */ +service GetUserMappingsProtocolService { + /** + * Get the groups which are mapped to the given user. + */ + rpc getGroupsForUser(GetGroupsForUserRequestProto) + returns(GetGroupsForUserResponseProto); +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshAuthorizationPolicyProtocol.proto b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshAuthorizationPolicyProtocol.proto new file mode 100644 index 00000000000..45bfaf8576c --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshAuthorizationPolicyProtocol.proto @@ -0,0 +1,45 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option java_package = "org.apache.hadoop.hdfs.protocol.proto"; +option java_outer_classname = "RefreshAuthorizationPolicyProtocolProtos"; +option java_generic_services = true; +option java_generate_equals_and_hash = true; + +/** + * Refresh service acl request. + */ +message RefreshServiceAclRequestProto { +} + +/** + * void response + */ +message RefreshServiceAclResponseProto { +} + +/** + * Protocol which is used to refresh the authorization policy in use currently. + */ +service RefreshAuthorizationPolicyProtocolService { + /** + * Refresh the service-level authorization policy in-effect. + */ + rpc refreshServiceAcl(RefreshServiceAclRequestProto) + returns(RefreshServiceAclResponseProto); +} diff --git a/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshUserMappingsProtocol.proto b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshUserMappingsProtocol.proto new file mode 100644 index 00000000000..4e45d523b52 --- /dev/null +++ b/hadoop-hdfs-project/hadoop-hdfs/src/main/proto/RefreshUserMappingsProtocol.proto @@ -0,0 +1,63 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option java_package = "org.apache.hadoop.hdfs.protocol.proto"; +option java_outer_classname = "RefreshUserMappingsProtocolProtos"; +option java_generic_services = true; +option java_generate_equals_and_hash = true; + +/** + * Refresh user to group mappings request. + */ +message RefreshUserToGroupsMappingsRequestProto { +} + +/** + * void response + */ +message RefreshUserToGroupsMappingsResponseProto { +} + +/** + * Refresh superuser configuration request. + */ +message RefreshSuperUserGroupsConfigurationRequestProto { +} + +/** + * void response + */ +message RefreshSuperUserGroupsConfigurationResponseProto { +} + +/** + * Protocol to refresh the user mappings. + */ +service RefreshUserMappingsProtocolService { + /** + * Refresh user to group mappings. + */ + rpc refreshUserToGroupsMappings(RefreshUserToGroupsMappingsRequestProto) + returns(RefreshUserToGroupsMappingsResponseProto); + + /** + * Refresh superuser proxy group list. + */ + rpc refreshSuperUserGroupsConfiguration(RefreshSuperUserGroupsConfigurationRequestProto) + returns(RefreshSuperUserGroupsConfigurationResponseProto); +}